Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
sav07_lecture_3_skeleton [2007/03/21 10:41] vkuncak |
sav07_lecture_3_skeleton [2007/03/21 10:59] vkuncak |
||
---|---|---|---|
Line 102: | Line 102: | ||
This idea is important in static analysis. | This idea is important in static analysis. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
Line 107: | Line 112: | ||
==== Symbolic execution ==== | ==== Symbolic execution ==== | ||
- | Symbolic execution converts programs into formulas by going forward. It is therefore somewhat analogous to the way an [[interpreter]] for the language would work. It is based on the notion of strongest postcondition. | + | Symbolic execution converts programs into formulas by going forward. It is therefore somewhat analogous to the way an [[interpreter]] for the language would work. |
+ | Avoid renaming all the time. | ||
+ | SE(F,k, c1; c2) = SE(F & R(c1), k+1, c2) (update formula) | ||
+ | |||
+ | SE(F,k,(c1 [] c2); c2) = SE(F, k, c1) | SE(F,k,c2) (explore both branches) | ||
+ | |||
+ | Note: how many branches do we get? | ||
+ | |||
+ | Strongest postcondition: | ||
+ | \begin{equation*} | ||
+ | sp(P,r) = \{ s_2 \mid \exists s_1.\ s_1 \in P \land (s_1,s_2) \in r \} | ||
+ | \end{equation*} | ||
+ | Like composition of a set with a relation. It's called ''relational image'' of set $P$ under relation $r$. | ||
+ | |||
+ | Note: when proving our verification condition, instead of proving that semantics of relation implies error=false, it's same as proving that the formula for set sp(U,r) implies error=false, where U is the universal relation, or, in terms of formulas, computing the strongest postcondition of formula 'true'. | ||
==== Weakest preconditions ==== | ==== Weakest preconditions ==== | ||
While symbolic execution computes formula by going forward along the program syntax tree, weakest precondition computes formula by going backward. | While symbolic execution computes formula by going forward along the program syntax tree, weakest precondition computes formula by going backward. | ||
+ | |||
+ | wp(Q, x=t) = | ||
+ | wp(Q, assume F) = | ||
+ | wp(Q, assert F) = | ||
+ | wp(Q, c1 [] c2) = | ||
+ | wp(Q, c1 ; c2) = | ||
==== Inferring Loop Invariants ==== | ==== Inferring Loop Invariants ==== | ||
Line 127: | Line 152: | ||
Alternative: | Alternative: | ||
* decide that you will only loop for formulas of restricted form, as in abstract interpretation and data flow analysis (next week) | * decide that you will only loop for formulas of restricted form, as in abstract interpretation and data flow analysis (next week) | ||
+ | |||
Line 134: | Line 160: | ||
Suppose that we obtain (one or more) verification conditions of the form | Suppose that we obtain (one or more) verification conditions of the form | ||
\begin{equation*} | \begin{equation*} | ||
- | F \rightarrow \mbox{error}=\mbox{false} | + | F\ \rightarrow\ (\mbox{error}=\mbox{false}) |
\end{equation*} | \end{equation*} | ||
whose validity we need to prove. We here assume that F contains only | whose validity we need to prove. We here assume that F contains only | ||
- | Note: we can check satisfiability of $F \land \mbox{error}=\mbox{true}$. | + | Note: we can check satisfiability of $F\ \land\ (\mbox{error}=\mbox{true})$. |
==== Quantifier Presburger arithmetic ==== | ==== Quantifier Presburger arithmetic ==== |